Social Engineering is on the Rise
Cybersecurity Trends
While encryption technologies, systems, and standards have become incredibly secure over the past decade, it has become increasingly clear that the the largest
cybersecurity threat to nearly any organization is its people.
For example, modern encryption standards have made it nearly impossible for even the most
sophisticated hackers working over several months to decrypt login credentials, but even a single social engineer can often trick a user into providing their own
credentials within a few days. During simulated campaigns, Silent Breach social hackers have found that a layered attack - combining phishing, vishing, as well as
targeted 'spear phishing' attacks - can critically breach 90% of businesses within one week, all without writing a single line of code.
Above all, it is your organization's people, not its systems, who comprise both your greatest asset and, simulateously, your greatest challenge. The
future of cybersecurity, then, lies in developing psychological and technological solutions to both guard against
social engineering as well as create a more resilient and knowledgeable workforce. Here are five ways of defending against social engineering that will become
increasingly prevalent - and necessary - in the decade ahead:
1. Training & Shared Responsibility
The reality is that marketing executives and lobby receptionists are just as responsible for protecting company data as are the cubicle-dwelling IT technicians.
Accordingly, any cybersecurity strategy must create a dynamic of shared responsibility at its core if it is to be at all effective. This means introducing training
workshops, awareness programs, and consistent top-down messaging. Cybersecurity is only secure when it's everyone's responsibility. Information security cannot be
contained in a set of regulations or handed off to a security department. To be effective, it must lead to a complete transformation in organizational priorities
and culture.
2. Continuous Monitoring
This is why Silent Breach focuses on helping our clients undergo a holistic security transformation, rather than simply providing silver bullet solutions. For
example, our upcoming Continuous Monitoring solution, Quantum Armor, provides clients with near real-time insight into their security posture, all with 360° of
transparency. Continuous Monitoring can significantly reduce your social engineering risk by alerting you to suspicious IP activities, complete with a time-stamped
and geographic breakdown. Furthermore, Quantum Armor performs routine scans of the stockpiles of compromised credentials released onto the Dark Web to ensure that
your organization's credentials have not been breached.
3. Two-Factor Authentication (2FA)
Simply forcing users to enter a code sent via SMS or email (in addition to their usual credentials) is probably the single most effective measure to protect
against social engineering. As 2FA becomes increasingly commonplace (even amongst relatively innocuous applications like MailChimp), enterprises would do well to
implement it across the board. We should never allow user experience to override user safety.
4. USB Locks
Much like the Trojan Horse used by the Greeks to infiltrate the city of Troy, modern-day attacks are often carried out using seemingly innocent devices. Famously,
the Stuxnet virus that brought down Iranian nuclear facilities in 2010 was introduced via a USB drive. The solution? Many USB locks are available on the market to
securely plug open ports across all of your devices.
5. Implement DMARC
The basis of any social engineering attack relies on the hacker's ability to persuade you that they're trustworthy. Accordingly, any form of automated
authentication that you can implement will help reduce your susceptibility to social engineering attacks. One popular form of email authentication is DMARC
(Domain-based Message Authentication, Reporting & Conformance). DMARC uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to prevent
malicious actors from sending emails from a domain name that doesn't belong to them, what is known as spoofing. In other words, if DMARC detects that a given
email fails both the SPF and DKIM checks, it won't allow the email to enter your inbox in the first place.
Protect your business. Talk to a Silent Breach representative today to schedule your comprehensive social engineering audit.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.